#!/bin/sh
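# Load the IPv4 packet-filter module used by the iptables commands below.
modprobe ip_tables

# NOTE(review): only the IPv4 tables are programmed by this script; nothing
# here configures ip6tables, so IPv6 traffic is not filtered by these rules.
# NOTE(review): no command's exit status is checked, so a failure part-way
# through (e.g. not running as root) leaves a partially built ruleset.

# Set the default policies BEFORE flushing. Flushing first would leave the
# chains empty under whatever policy was previously active, which exposes the
# host for the duration of the rebuild if that policy was ACCEPT.
# Inbound and forwarded packets are dropped unless a rule accepts them;
# locally generated traffic is allowed out.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Flush every chain of the filter, nat and mangle tables, then delete the
# user-defined chains of the filter table.
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Zero the packet and byte counters
iptables -Z
iptables -t nat -Z
iptables -t mangle -Z

# Accept loopback traffic. The match is restricted to destination 127.0.0.1,
# so new connections arriving on lo for any other local address are not
# accepted by this rule.
iptables -A INPUT -i lo -d 127.0.0.1 -j ACCEPT

# Accept packets that belong to, or are related to, connections conntrack
# already knows about. No rule in this section admits NEW inbound connections.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT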


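# Kernel network hardening. These are runtime writes under /proc/sys and have
# to be re-applied after a reboot (e.g. by running this script again).
i=/proc/sys/net/ipv4
# Disable IP forwarding between the network interfaces
echo "0" > "$i/ip_forward"
# SYN flood protection
echo "1" > "$i/tcp_syncookies"
# Ignore ICMP echo requests addressed to broadcast addresses
echo "1" > "$i/icmp_echo_ignore_broadcasts"
# Protection against bogus ICMP error responses
echo "1" > "$i/icmp_ignore_bogus_error_responses"
# Reverse-path filtering (source address validation) for all interfaces
echo "1" > "$i/conf/all/rp_filter"

# Log and then drop packets that conntrack classifies as INVALID. Both rules
# are inserted at the top of INPUT (positions 1 and 2), so they are evaluated
# before any rule appended to the chain.
# The LOG rule is rate-limited: without a limit, a stream of invalid packets
# would produce one kernel log line per packet and could flood the logs.
# The DROP rule is not limited, so every INVALID packet is still dropped.
iptables -I INPUT 1 -m state --state INVALID -m limit --limit 5/m -j LOG --log-level info --log-prefix "PKT INVALIDO - "
iptables -I INPUT 2 -m state --state INVALID -j DROP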

# Accept TCP segments that have RST set and SYN, ACK and FIN clear, at an
# average of at most 5 per minute; segments over that rate are not matched
# here and continue to whatever follows in the chain (ultimately its policy).
# NOTE(review): RSTs of tracked connections are presumably already accepted by
# the ESTABLISHED,RELATED rule, and INVALID packets are dropped by the rules
# inserted at the top of INPUT - confirm that this rule still matches anything.
iptables --append INPUT --protocol tcp \
  --tcp-flags SYN,ACK,FIN,RST RST \
  --match limit --limit 5/m \
  --jump ACCEPT

# Make the kernel ignore all ICMP echo requests (the host does not answer ping).
printf '%s\n' "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

